> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy santhanam
> Sent: Friday, 05 August, 2011 08:09

> I have to write back rsa public/private key to calling function,
> i have tried below program using i2d_RSAPrivateKey().
> My application will not accept RSA * structure, it will accept only char
> or strings to be return as s key.

It's not clear what you're trying to do. Your code is actually operating on a private key but your label says pubkey. You talk about 'encrypting the message' but RSA_private_encrypt is a misnomer; it actually provides integrity protection (signing), NOT confidentiality (encryption).

> #include <stdio.h>
> #include <string.h>
> #include <openssl/rsa.h>
> typedef struct {
> unsigned char cl_priv[1000];
> } DER_RSA;

If you change to a keysize that is actually secure, this will be too small for a private key (at least an OpenSSL private key, which has all the CRT components). It will be big enough for a public key if that's what you actually want and do.

Although DER is self-delimiting, the length computation is nontrivial. I would keep the length explicitly in the struct.

> generate(DER_RSA *ctr)

Since 1999 'implicit int' is gone from C. You must declare the return type of a function (and the type of a variable etc.). If you don't want to return a value, declare it 'void'.

> {
> RSA *rsa, *pub_rsa, *priv_rsa;
> unsigned char keybuf[512], *p;

If this 512 is intended to be related to the size of the key, or related cryptogram(s), remember that keys (and ciphers and hashes etc.) are in bits, while C char is a byte.

> int len;
> // DER_RSA *ctr;
> printf("hello");
>
> rsa = RSA_generate_key(512, RSA_F4,NULL,NULL);

512-bit RSA has been in range for factoring, and thus insecure, for about a decade now.

In general you should always check for errors, here a returned null pointer, before using the result. In particular I think RSA_generate_key could fail for lack of entropy, though yours apparently didn't.

> /* get separated der key pair */
> p=ctr->cl_priv;
> len=i2d_RSAPrivateKey(rsa,&p);
> printf("\nlen=%d\n",len);
> return ;
> RSA_free(rsa);

This is never executed, so you have a (small) memory leak.

> }
> int main()
> {
> int i;
> DER_RSA *ctr;

This is an uninitialized pointer, and

> generate(ctr);

this uses that pointer to try to access memory. That can cause many different problems.

> printf("pubkey=%s",ctr->cl_priv);
> }
> pubkey=(null)

It looks like 'ctr' happened to be 0, which in C is the null pointer (except on very weird systems you can ignore). *Many* C platforms nowadays fault for access to 0, because it's such a common bug; what are you running on?

If you want to use a DER_RSA object (containing a buffer), create one and then use it.

Even if this encoded to proper memory, DER (the result of i2d_anything) is not a C string and can't validly be printed with %s, or strcpy'ed, or strcmp'ed, etc. You need to treat it as binary data, and that's why you want to keep track explicitly of its length. Alternatively you can further encode it into a form that IS a valid string; base64 and hex are two popular ones. PEM is a variant of base64 built in to OpenSSL.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
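The reply above makes three points that are easy to get wrong in practice: DER output has to be carried with an explicit length, its self-delimiting length is not trivial to recover from the bytes, and a DER blob is binary rather than a C string, so it has to be base64/hex/PEM-encoded before it can be handed back as a `char *`. The following is an added example, not code from the original post or from OpenSSL. It deliberately uses no OpenSSL calls so it builds stand-alone; in real code the DER bytes would come from `i2d_RSAPrivateKey(rsa, NULL)` (to learn the length) followed by `i2d_RSAPrivateKey(rsa, &p)` into a buffer of that size. The `DER_RSA` struct, the 9-byte sample `SEQUENCE { INTEGER 256, INTEGER 3 }` (which contains an embedded 0x00 byte, exactly the case that breaks `%s`), and the helper names are all my own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Container as the reply recommends: the DER bytes plus an explicit length.
 * (Hypothetical struct, sized generously for a 2048/4096-bit private key.) */
typedef struct {
    unsigned char der[4096];
    size_t len;
} DER_RSA;

/* Copy a DER blob into the container, refusing anything that would not fit.
 * Returns 0 on success, -1 on overflow. Keeping 'len' here is what lets the
 * caller treat the bytes as binary instead of guessing with strlen(). */
int der_store(DER_RSA *ctr, const unsigned char *der, size_t len)
{
    if (len > sizeof ctr->der) return -1;
    memcpy(ctr->der, der, len);
    ctr->len = len;
    return 0;
}

/* Total size (tag + length octets + content) of the DER element at buf, or 0
 * if the header is malformed, the length is not DER-minimal, the BER
 * indefinite form (0x80) is used, or the element would overrun buflen. */
size_t der_element_length(const unsigned char *buf, size_t buflen)
{
    size_t pos = 0, content;
    if (buflen < 2) return 0;
    if ((buf[pos] & 0x1f) == 0x1f) return 0;     /* multi-byte tags not handled */
    pos++;
    unsigned char first = buf[pos++];
    if (first < 0x80) {                          /* short form: 0..127 */
        content = first;
    } else {                                     /* long form: 0x8N then N octets */
        size_t nbytes = first & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t)) return 0;  /* 0x80 = indefinite */
        if (buflen - pos < nbytes) return 0;
        if (buf[pos] == 0x00) return 0;          /* leading zero octet: non-minimal */
        content = 0;
        for (size_t i = 0; i < nbytes; i++) content = (content << 8) | buf[pos++];
        if (content < 0x80) return 0;            /* should have used the short form */
    }
    if (content > buflen - pos) return 0;        /* truncated input */
    return pos + content;
}

/* Standard base64 (RFC 4648, with '=' padding). Returns a malloc'ed
 * NUL-terminated string the caller frees; this IS safe to print with %s. */
char *der_to_base64(const unsigned char *in, size_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    char *out = malloc(4 * ((len + 2) / 3) + 1);
    size_t o = 0;
    if (!out) return NULL;
    for (size_t i = 0; i < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < len) v |= (uint32_t)in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < len) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

/* Convenience for checking an encoding against an expected string. */
int base64_equals(const unsigned char *in, size_t len, const char *expected)
{
    char *b64 = der_to_base64(in, len);
    int ok = b64 != NULL && strcmp(b64, expected) == 0;
    free(b64);
    return ok;
}

/* Constructed sample: SEQUENCE { INTEGER 256, INTEGER 3 }, 9 bytes, with a
 * 0x00 at offset 5 so strlen() would report 5 instead of 9. */
static const unsigned char SAMPLE_DER[] =
    { 0x30, 0x07, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x03 };

size_t sample_der_length(void) { return der_element_length(SAMPLE_DER, sizeof SAMPLE_DER); }
size_t sample_strlen(void)     { return strlen((const char *)SAMPLE_DER); }

/* Long-form length: 0x81 0x80 announces 128 content bytes, total 131. */
size_t long_form_length(void)
{
    unsigned char buf[131] = { 0x30, 0x81, 0x80 };
    memset(buf + 3, 0xAA, 128);
    return der_element_length(buf, sizeof buf);
}

/* Same header but only one content byte present: must be rejected as 0. */
size_t truncated_length(void)
{
    unsigned char buf[4] = { 0x30, 0x81, 0x80, 0xAA };
    return der_element_length(buf, sizeof buf);
}

int main(void)
{
    DER_RSA ctr;                                  /* a real object, not a dangling pointer */
    if (der_store(&ctr, SAMPLE_DER, sizeof SAMPLE_DER) != 0) return 1;
    printf("der length=%zu, strlen() would say %zu\n", sample_der_length(), sample_strlen());
    char *b64 = der_to_base64(ctr.der, ctr.len);
    if (b64) { printf("key(base64)=%s\n", b64); free(b64); }
    return 0;
}
```

The `der_element_length()` walker shows why the reply says the length computation is nontrivial: there are two length encodings, an indefinite form that DER forbids, and a non-minimal long form that a strict decoder must reject. For a private key you would return the base64 string (or the PEM that OpenSSL's `PEM_write_bio_RSAPrivateKey` produces), never the raw `der` buffer through a `char *` API that will stop at the first zero byte.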